CVE-2018-1478

CWE-20Improper Input Validation3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 64.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Bigfix Platform
Timeline
PublishedDec 12
Latest updateMay 13

Description

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 140760.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDibm/bigfix_platform9.2.09.2.14+1
CVEListV5ibm/bigfix_platform4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-x3j8-wcg9-5v7q: IBM BigFix Platform 92022-05-13
CVEList
CVE-2018-1478: IBM BigFix Platform 92018-12-12
CVE-2018-1478 (MEDIUM CVSS 6.1) | IBM BigFix Platform 9.2.0 through 9 | cvebase.io